BENTHAM SCIENCE PUBLISHERS LTD.
End User License Agreement (for non-institutional, personal use)
Usage Rules:
Disclaimer:
Limitation of Liability:
General:
FOREWORD
PREFACE
Navigating the Ethical Landscape of Digital Investigations
Abstract
INTRODUCTION
DIGITAL FORENSICS PRINCIPLES
LEGAL AND ETHICAL CONSIDERATIONS
TRAITS OF FORENSIC INVESTIGATORS
Digital Investigations Use Case Examples
Financial Fraud
Data Breaches
Child Exploitation
Cyber Espionage
Email Fraud (Phishing)
Identity Theft
Cryptocurrency Theft
Social Media Crimes
Insider Threats
Denial-of-Service (DoS) Attacks
CONCLUSION
References
Constructing A Robust Digital Forensics Environment
Abstract
INTRODUCTION
LAB FACILITY
Physical Requirements
Environment Control
LAB EQUIPMENT
System Equipment
Electrical - Tools Equipment
Network Devices
Forensic Workstation
COMMERCIAL WORKSTATIONS
Momentum T1000 Digital Forensic Workstation
FRED Forensic Workstation
CONCLUSION
References
Acquisition of Live Analysis and Volatile Data
Abstract
INTRODUCTION
Basics of Data Acquisition
ORDER OF VOLATILITY
Rules of Thumb for Data Acquisition
TYPES OF DATA ACQUISITION
LIVE ACQUISITION
DEAD ACQUISITION
IMAGING USING BIT STREAMS
Data Acquisition Format
DATA ACQUISITION METHODOLOGY
HANDS-ON: LIVE DATA ACQUISITION TOOLS
Tool: FTK Imager
Tool: Volatility Framework (Live Data)
TOOL: FTK IMAGER (DEAD DATA ACQUISITION)
CONCLUSION
REFERENCES
File System Forensics
Abstract
INTRODUCTION - UNDERSTANDING STORAGE DRIVES
Primary Storage
RAM (Random Access Memory)
DRAM (Dynamic Random Access Memory)
SRAM (Static Random Access Memory)
ROM (Read Only Memory)
PROM
EPROM
EEPROM
Secondary Storage
HDD (Hard Disk Drives)
SSD (Solid State Drives)
Magnetic Tapes
Optical Drives (CD/DVD)
Network Storage
DISK LOGICAL STRUCTURE
Clusters
Size of Cluster
Lost Clusters
Slack Space
Master Boot Record (MBR)
Partitions of Disks
BIOS Parameter Block (BPB)
Globally Unique Identifier (GUID)
GUID Partition Table (GPT)
BOOT PROCESS OF WINDOWS AND LINUX
Boot Process
Essential Windows System Files
BIOS-MBR Methods
UEFI-GPT Windows Boot Process
GUID Partition Table (GPT)
Examining GPT Entries and Headers
FORENSICS TOOLS TO ANALYZE FILE SYSTEMS
File Systems for Windows
File Allocation Table (FAT)
New Technology File System (NTFS)
USE CASES AND EXAMPLES
Installing Autopsy
Conduct Investigations using Autopsy
CONCLUSION
References
Windows Forensics and Registry Analysis
Abstract
INTRODUCTION